redis-actionpack-json 4.0.0

data/README.md

@@ -0,0 +1,23 @@
+# Rails 4 Redis session store with JSON serialization
+
+Require store and actionpack
+
+```
+gem 'redis-actionpack-json', '~> 4.0.0'
+gem 'redis-rack', '~> 1.5.2'
+gem 'redis-store', '~> 3.0.0'
+```
+
+Configure the session
+
+```
+MyApplication.config.session_store :redis_store,
+  :key        => '_session_key',
+  :key_prefix => 'key_prefix_',
+  :strategy   => :json_session,
+  :domain     => :all,
+  :server     => {
+    :host       => :localhost,
+    :port       => 6379
+  }
+```

data/redis-actionpack-json/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+pkg/*

data/redis-actionpack-json/Gemfile

@@ -0,0 +1,6 @@
+source "http://rubygems.org"
+gemspec
+
+gem 'redis-store', '~> 1.1.0', :path => File.expand_path('../../redis-store', __FILE__)
+gem 'redis-rack',  '~> 1.4.0', :path => File.expand_path('../../redis-rack',  __FILE__)
+gem 'SystemTimer', :platform => :mri_18

data/redis-actionpack-json/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 - 2011 Luca Guidi
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/redis-actionpack-json/Rakefile

@@ -0,0 +1,8 @@
+require 'bundler'
+Bundler.setup
+require 'rake'
+require 'bundler/gem_tasks'
+
+load 'tasks/redis.tasks.rb'
+task :default => 'redis:test:suite'
+

data/redis-actionpack-json/lib/action_dispatch/middleware/session/redis_store_json.rb

@@ -0,0 +1,24 @@
+require 'redis-store-json'
+require 'redis-rack-json'
+require 'action_dispatch/middleware/session/abstract_store'
+
+module ActionDispatch
+  module Session
+    class RedisStoreJson < Rack::Session::Redis
+      include Compatibility
+      include StaleSessionCheck
+      def initialize(app, options = {})
+        options = options.dup
+        options[:redis_server] ||= options[:servers] if options[:servers].present?
+        super
+      end
+
+      private
+
+      def set_cookie(env, session_id, cookie)
+        request = ActionDispatch::Request.new(env)
+        request.cookie_jar[key] = cookie
+      end
+    end
+  end
+end

data/redis-actionpack-json/lib/redis-actionpack-json.rb

@@ -0,0 +1,4 @@
+require 'redis-store-json'
+require 'action_pack'
+require 'redis/actionpack/version'
+require 'action_dispatch/middleware/session/redis_store_json'

data/redis-actionpack-json/lib/redis/actionpack/version.rb

@@ -0,0 +1,5 @@
+class Redis
+  module ActionPack
+    VERSION = '4.0.0'
+  end
+end

data/redis-actionpack-json/redis-actionpack-json.gemspec

@@ -0,0 +1,32 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "redis/actionpack/version"
+
+Gem::Specification.new do |s|
+  s.name        = 'redis-actionpack-json'
+  s.version     = Redis::ActionPack::VERSION
+  s.authors     = ["Nathan Tsoi", "Luca Guidi", "Matt Horan"]
+  s.email       = ["nathan@vertile.com"]
+  s.homepage    = "http://github.com/nathantsoi/redis-store-json"
+  s.summary     = "Rails 4 Redis session store for ActionPack with JSON serialization"
+  s.description = "Rails 4 Redis session store for ActionPack with JSON serialization"
+
+  s.rubyforge_project = "redis-actionpack-json"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_runtime_dependency 'redis-store-json', '~> 3.0.0'
+  s.add_runtime_dependency 'redis-rack-json',  '~> 1.5.2'
+  s.add_runtime_dependency 'actionpack',  '~> 4.0.0.rc1'
+
+  s.add_development_dependency 'rake',     '~> 10'
+  s.add_development_dependency 'bundler',  '~> 1.2'
+  s.add_development_dependency 'mocha',    '~> 0.13.0'
+  s.add_development_dependency 'minitest', '~> 4.3.1'
+  s.add_development_dependency 'tzinfo'
+  s.add_development_dependency 'mini_specunit'
+  s.add_development_dependency 'mini_backtrace'
+end

data/redis-actionpack-json/test/dummy/.gitignore

@@ -0,0 +1 @@
+log/*

data/redis-actionpack-json/test/dummy/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks

data/redis-actionpack-json/test/dummy/app/controllers/test_controller.rb

@@ -0,0 +1,37 @@
+class TestController < ActionController::Base
+  def no_session_access
+    head :ok
+  end
+
+  def set_session_value
+    session[:foo] = "bar"
+    head :ok
+  end
+
+  def set_session_value_with_expiry
+    request.session_options[:expire_after] = 1.second
+    set_session_value
+  end
+
+  def set_serialized_session_value
+    session[:foo] = SessionAutoloadTest::Foo.new
+    head :ok
+  end
+
+  def get_session_value
+    render :text => "foo: #{session[:foo].inspect}"
+  end
+
+  def get_session_id
+    render :text => "#{request.session_options[:id]}"
+  end
+
+  def call_reset_session
+    session[:bar]
+    reset_session
+    session[:bar] = "baz"
+    head :ok
+  end
+
+  def rescue_action(e) raise end
+end

data/redis-actionpack-json/test/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Dummy::Application

data/redis-actionpack-json/test/dummy/config/application.rb

@@ -0,0 +1,29 @@
+require File.expand_path('../boot', __FILE__)
+
+require "action_controller/railtie"
+
+Bundler.require
+
+module Dummy
+  class Application < Rails::Application
+    # Disable class caching for session auto-load test
+    config.cache_classes = false
+
+    # Log error messages when you accidentally call methods on nil
+    config.whiny_nils = true
+
+    # Show full error reports and disable caching
+    config.consider_all_requests_local       = true
+    config.action_controller.perform_caching = false
+
+    # Raise exceptions instead of rendering exception templates
+    config.action_dispatch.show_exceptions = false
+
+    # Disable request forgery protection in test environment
+    config.action_controller.allow_forgery_protection    = false
+
+    # Print deprecation notices to the stderr
+    config.active_support.deprecation = :stderr
+  end
+end
+

data/redis-actionpack-json/test/dummy/config/boot.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+
+if File.exist?(gemfile)
+  ENV['BUNDLE_GEMFILE'] = gemfile
+  require 'bundler'
+  Bundler.setup
+end
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/redis-actionpack-json/test/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+Dummy::Application.initialize!

data/redis-actionpack-json/test/dummy/config/initializers/secret_token.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Dummy::Application.config.secret_token = 'a7d2ff143cdb3d1f9470a3ce2df7bb220a9c4498cb5c4a35150705de6719114b12ab7512a9618a2d3c25f8d6e62ab22c042445ed856ff674f4ee2faabd9d2041'

data/redis-actionpack-json/test/dummy/config/initializers/session_store.rb

@@ -0,0 +1,11 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :redis_store,
+  :key => '_session_id',
+  :servers => ["redis://127.0.0.1:6380/1/theplaylist",
+    "redis://127.0.0.1:6381/1/theplaylist"]
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Dummy::Application.config.session_store :active_record_store

data/redis-actionpack-json/test/dummy/config/routes.rb

@@ -0,0 +1,3 @@
+Dummy::Application.routes.draw do
+  match ':action', :to => TestController
+end

data/redis-actionpack-json/test/dummy/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/redis-actionpack-json/test/fixtures/session_autoload_test/session_autoload_test/foo.rb

@@ -0,0 +1,10 @@
+module SessionAutoloadTest
+  class Foo
+    def initialize(bar='baz')
+      @bar = bar
+    end
+    def inspect
+      "#<#{self.class} bar:#{@bar.inspect}>"
+    end
+  end
+end

data/redis-actionpack-json/test/integration/redis_store_integration_test.rb

@@ -0,0 +1,130 @@
+require 'test_helper'
+
+class RedisStoreJsonIntegrationTest < ActionController::IntegrationTest
+  it "reads the data" do
+    get '/set_session_value'
+    response.must_be :success?
+    cookies['_session_id'].wont_be_nil
+
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: "bar"'
+  end
+
+  it "should get nil session value" do
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: nil'
+  end
+
+  it "should delete the data after session reset" do
+    get '/set_session_value'
+    response.must_be :success?
+    cookies['_session_id'].wont_be_nil
+    session_cookie = cookies.send(:hash_for)['_session_id']
+
+    get '/call_reset_session'
+    response.must_be :success?
+    headers['Set-Cookie'].wont_equal []
+
+    cookies << session_cookie
+
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: nil'
+  end
+
+  it "should not send cookies on write, not read" do
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: nil'
+    cookies['_session_id'].must_be_nil
+  end
+
+  it "should set session value after session reset" do
+    get '/set_session_value'
+    response.must_be :success?
+    cookies['_session_id'].wont_be_nil
+    session_id = cookies['_session_id']
+
+    get '/call_reset_session'
+    response.must_be :success?
+    headers['Set-Cookie'].wont_equal []
+
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: nil'
+
+    get '/get_session_id'
+    response.must_be :success?
+    response.body.wont_equal session_id
+  end
+
+  it "should be able to read session id without accessing the session hash" do
+    get '/set_session_value'
+    response.must_be :success?
+    cookies['_session_id'].wont_be_nil
+    session_id = cookies['_session_id']
+
+    get '/get_session_id'
+    response.must_be :success?
+    response.body.must_equal session_id
+  end
+
+  it "should auto-load unloaded class" do
+    with_autoload_path "session_autoload_test" do
+      get '/set_serialized_session_value'
+      response.must_be :success?
+      cookies['_session_id'].wont_be_nil
+    end
+
+    with_autoload_path "session_autoload_test" do
+      get '/get_session_id'
+      assert_response :success
+    end
+
+    with_autoload_path "session_autoload_test" do
+      get '/get_session_value'
+      response.must_be :success?
+      response.body.must_equal 'foo: #<SessionAutoloadTest::Foo bar:"baz">'
+    end
+  end
+
+  it "should not resend the cookie again if session_id cookie is already exists" do
+    get '/set_session_value'
+    response.must_be :success?
+    cookies['_session_id'].wont_be_nil
+
+    get '/get_session_value'
+    response.must_be :success?
+    headers['Set-Cookie'].must_be_nil
+  end
+
+  it "should prevent session fixation" do
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: nil'
+    session_id = cookies['_session_id']
+
+    reset!
+
+    get '/set_session_value', :_session_id => session_id
+    response.must_be :success?
+    cookies['_session_id'].wont_equal session_id
+  end
+
+  it "should write the data with expiration time" do
+    get '/set_session_value_with_expiry'
+    response.must_be :success?
+
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: "bar"'
+
+    sleep 1
+
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: nil'
+  end
+end

data/redis-actionpack-json/test/integration/redis_store_json_integration_test.rb

@@ -0,0 +1,130 @@
+require 'test_helper'
+
+class RedisStoreJsonIntegrationTest < ActionController::IntegrationTest
+  it "reads the data" do
+    get '/set_session_value'
+    response.must_be :success?
+    cookies['_session_id'].wont_be_nil
+
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: "bar"'
+  end
+
+  it "should get nil session value" do
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: nil'
+  end
+
+  it "should delete the data after session reset" do
+    get '/set_session_value'
+    response.must_be :success?
+    cookies['_session_id'].wont_be_nil
+    session_cookie = cookies.send(:hash_for)['_session_id']
+
+    get '/call_reset_session'
+    response.must_be :success?
+    headers['Set-Cookie'].wont_equal []
+
+    cookies << session_cookie
+
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: nil'
+  end
+
+  it "should not send cookies on write, not read" do
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: nil'
+    cookies['_session_id'].must_be_nil
+  end
+
+  it "should set session value after session reset" do
+    get '/set_session_value'
+    response.must_be :success?
+    cookies['_session_id'].wont_be_nil
+    session_id = cookies['_session_id']
+
+    get '/call_reset_session'
+    response.must_be :success?
+    headers['Set-Cookie'].wont_equal []
+
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: nil'
+
+    get '/get_session_id'
+    response.must_be :success?
+    response.body.wont_equal session_id
+  end
+
+  it "should be able to read session id without accessing the session hash" do
+    get '/set_session_value'
+    response.must_be :success?
+    cookies['_session_id'].wont_be_nil
+    session_id = cookies['_session_id']
+
+    get '/get_session_id'
+    response.must_be :success?
+    response.body.must_equal session_id
+  end
+
+  it "should auto-load unloaded class" do
+    with_autoload_path "session_autoload_test" do
+      get '/set_serialized_session_value'
+      response.must_be :success?
+      cookies['_session_id'].wont_be_nil
+    end
+
+    with_autoload_path "session_autoload_test" do
+      get '/get_session_id'
+      assert_response :success
+    end
+
+    with_autoload_path "session_autoload_test" do
+      get '/get_session_value'
+      response.must_be :success?
+      response.body.must_equal 'foo: #<SessionAutoloadTest::Foo bar:"baz">'
+    end
+  end
+
+  it "should not resend the cookie again if session_id cookie is already exists" do
+    get '/set_session_value'
+    response.must_be :success?
+    cookies['_session_id'].wont_be_nil
+
+    get '/get_session_value'
+    response.must_be :success?
+    headers['Set-Cookie'].must_be_nil
+  end
+
+  it "should prevent session fixation" do
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: nil'
+    session_id = cookies['_session_id']
+
+    reset!
+
+    get '/set_session_value', :_session_id => session_id
+    response.must_be :success?
+    cookies['_session_id'].wont_equal session_id
+  end
+
+  it "should write the data with expiration time" do
+    get '/set_session_value_with_expiry'
+    response.must_be :success?
+
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: "bar"'
+
+    sleep 1
+
+    get '/get_session_value'
+    response.must_be :success?
+    response.body.must_equal 'foo: nil'
+  end
+end